Sign up for our weekly security newsletter

Phishers Aiming College Faculty & Students as Targets

In some new waves of attack, phishers are choosing schools and universities as targets to send their fraudulent e-mails. Within the industry of information security, this kind of scam is called "spear phishing". Spear phishing is different from usual phishing in the manner that false e-mails are sent to specific groups of individuals.

Computers in colleges work like cabinets containing valuable data and which hackers relentlessly attempt to capture. In one such instance, hackers on January 9, 2008 scanned the computer networks of Virginia Tech 15,000 times in 10 hours.

In similar cases, other schools targeted have been the University of Notre Dame, Columbia University and Duke University. Faculty and students' e-mail accounts that turned into victims of the fraud like often were used to distribute further spam, IT administrators said, according to Securityfocus.com on February 1, 2008.

The subject line of the phishing e-mail read "Verify Your UGA E-mail Account". Understandably, the e-mail was constructed for those using uga.edu e-mail ids. The message pretended to be from the helpdesk of each school and it asked for the student's confirmation of his/her username and password and also other personal information relating to birth date and country the student originally belongs to.

The attacks that started since January 2008 and are still continuing have targeted thousands of e-mail addresses of faculty and students of the schools, suggest security mailing lists of school IT professionals.

Technical Director of the REN (Research and Education Network) of the ISAC (Information Sharing and Analysis Center), Mr. Douglas Pearson, said that the attacks have been widespread and for the US .edu addresses, attacks against small, large, private and public institutions have been observed. Securityfocus reported this.

At Princeton University, according to a representative, less than twelve individuals succumbed to the original scam, unknowingly revealing their usernames and passwords for sly intentions of the scammers. Securityfocus reported this.

At Walter Conway Associates, Consultant Walter Conway, who helps colleges to secure their payment mechanisms, said that with intricate information being stored in college computers across campuses, hackers are increasingly targeting them for self-gain. Cio-today reported this on January 30, 2008.